Warning: Altis v17 is no longer supported.

Consent API

The Consent API is a developer API to read and register consent categories, to allow consent management and other plugins to work together, improving compliance.

How does it work?

The Consent API adds two new concepts: a consent_type and a consent category. Categories are used to group user data by its intended usage, e.g. marketing. consent_type defines whether consent is optin, optout or some other type defined in the code.

The default consent type can be set in the code. The Altis Consent module defaults the consent type to optin, except for the functional and statistics-anonymous categories. This tells you that user data stored locally should only be used if a user explicitly allows access. If the default consent_type is set to optout, user data will be assumed to be okay to use unless a user explicitly disallows access.

The default categories functional and statistics-anonymous that are allowed by default can be modified using the altis.consent.always_allow_categories filter. The example below will make only the functional category allowed by default:

add_filter( 'altis.consent.always_allow_categories', function () {
    return [ 'functional' ];
} );

Other consent types can be defined within the code.

The Consent API defines five consent categories by default:

  • statistics

Cookies or any other form of local storage that are used exclusively for statistical purposes (Analytics Cookies).

  • statistics-anonymous

Cookies or any other form of local storage that are used exclusively for anonymous statistical purposes (Anonymous Analytics Cookies), that are placed on a first party domain, and that do not allow identification of particular individuals.

  • marketing

Cookies or any other form of local storage required to create user profiles to send advertising or to track the user on a website or across websites for similar marketing purposes.

  • functional

Functional cookies or any other form of local storage are any kind of user data that is required for the proper functionality of a site that cannot be disabled without affecting a user's ability to navigate the site. An example is the cookies that WordPress stores to handle user sign-ins for administrators -- if these cookies were blocked, an administrator would not be able to use the site. In these cases, the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user.

  • preferences

Cookies or any other form of local storage that can not be seen as statistics, statistics-anonymous, marketing or functional, and where the technical storage or access is necessary for the legitimate purpose of storing preferences.

Additional consent categories can be defined within a site's code.